Thomas Seifert wrote:
Hi there,
I'm trying to proxy and cache some ldap queries which would otherwise go to an IBM Tivoli Directory Server or another kind of ldap-server. Therefore I'm trying to use the pcache (proxycache) overlay in openldap 2.3.39.
Is there a problem with that setup so far?
No.
Would it need special adjustments to proxy another kind of ldap server than just openldap?
Maybe, depends on how willing to cooperate the proxied server is.
I'm having the problem, that I only get back on ldapsearch against the proxy
# search result
search: 2
result: 32 No such object
which seems to get as far as getting the user authenticated as I get another error if I enter wrong credentials ;). Needless to say that everything is returned correctly if I just change the hostname to the direct ldap server.
The above error seems to indicate that the proxy is unable to determine what database can handle the requested search base. But you don't provide enough information to help tracking your issue. A log of the request by the proxy at "stats" level would have provided the required information.
My config is as follows which is directly derived from the configuration:
# proxycache settings
database ldap
suffix "o=domainname"
rootdn "cn=Manager,o=domainname"
uri ldap://hostname/o=domainname
^^^^ this is incorrect. As the man page clearly states, no "DN" portion must be provided in the URI (you should have gotten a warning about it, but who cares about warnings, eh? Next version it'll error out).
overlay pcache
proxycache bdb 100000 1 1000 100
proxyAttrset 0 mail postaladdress telephonenumber
proxyTemplate (sn=) 0 3600
proxyTemplate (uid=) 0 3600
proxyTemplate (&(sn=)(givenName=)) 0 3600
proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
cachesize 20
directory /usr/local/openldap-proxycache/var/openldap-data/db.2.a
index objectClass eq
index cn,sn,uid,mail pres,eq,sub
Any ideas about this issue? Any way to further diagnose the problem?
See above.
I assume that every non-cacheable query is sent to the proxied ldap server anyway and its results are returned directly?
Correct.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
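
The check described in the reply above (no DN portion in a back-ldap `uri`), as an added example that is not part of the original thread or of OpenLDAP: a small lint that walks a slapd.conf, honouring its rule that a line starting with whitespace continues the previous one, and reports every `uri` under `database ldap` that carries a DN. The function names and the sample file are assumptions made for this illustration; the sample reuses the directives from the post.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the back-ldap section from the post, one directive per line.
SAMPLE_CONF = '''\
# proxycache settings
database ldap
suffix "o=domainname"
rootdn "cn=Manager,o=domainname"
uri ldap://hostname/o=domainname
overlay pcache
'''

def logical_lines(text):
    """Yield (line_no, argv) per directive; leading whitespace continues the previous line."""
    pending, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and pending is not None:
            pending += " " + raw.strip()
            continue
        if pending is not None:
            yield start, shlex.split(pending)
        pending, start = raw.strip(), no
    if pending is not None:
        yield start, shlex.split(pending)

def uris_with_dn(text):
    """Return [(line_no, uri, dn)] for back-ldap 'uri' values that carry a DN after the host."""
    findings, backend = [], None
    for no, argv in logical_lines(text):
        key = argv[0].lower()
        if key == "database":
            backend = argv[1].lower() if len(argv) > 1 else None
        elif key == "uri" and backend == "ldap":
            # One quoted argument may hold several space-separated URIs.
            for uri in " ".join(argv[1:]).split():
                dn = urlsplit(uri).path.lstrip("/")
                if dn:
                    findings.append((no, uri, dn))
    return findings

if __name__ == "__main__":
    for no, uri, dn in uris_with_dn(SAMPLE_CONF):
        print(f"line {no}: back-ldap uri {uri} carries DN portion {dn!r}")
```
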